selinux-policy/testing/tcpd/proftpd.conf

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName			"ProFTPD server"
ServerIdent			on "FTP Server ready."
ServerAdmin			root@localhost
#ServerType			standalone
ServerType			inetd
DefaultServer			on
AccessGrantMsg			"User %u logged in."
#DisplayConnect			/etc/ftpissue
#DisplayLogin			/etc/ftpmotd
#DisplayGoAway			/etc/ftpgoaway
DeferWelcome			off

# Use this to excude users from the chroot
DefaultRoot			~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig			proftpd
AuthOrder			mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups			off
UseReverseDNS			off

# Port 21 is the standard FTP port.
Port				21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# Default to show dot files in directory listings
ListOptions			"-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228		off
#RootLogin			off
#LoginPasswordPrompt		on
#MaxLoginAttempts		3
#MaxClientsPerHost		none
#AllowForeignAddress		off	# For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on
AllowStoreRestart		on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			20

# Set the user and group that the server normally runs at.
User				nobody
Group				nobody

# This is where we want to put the pid file
ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat			default	"%h %l %u %t \"%r\" %s %b"
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine			on
#TLSRequired			on
#TLSRSACertificateFile		/usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile	/usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite			ALL:!ADH:!DES
#TLSOptions			NoCertRequest
#TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
#TLSLog				/var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
<Anonymous ~ftp>
  User				ftp
  Group				ftp
  AccessGrantMsg		"Anonymous login ok, restrictions apply."

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients			10 "Sorry, max %m users -- try again later"

  # Put the user into /pub right after login
  DefaultChdir			/pub

  # We want 'welcome.msg' displayed at login, '.message' displayed in
  # each newly chdired directory and tell users to read README* files. 
  DisplayLogin			/welcome.msg
  DisplayFirstChdir		.message
  DisplayReadme			README*

  # Some more cosmetic and not vital stuff
  DirFakeUser			on ftp
  DirFakeGroup			on ftp

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE SITE_CHMOD>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
  <Directory uploads/*>
    AllowOverwrite		no
    <Limit READ>
      DenyAll
    </Limit>

    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>

  # Don't write anonymous accesses to the system wtmp file (good idea!)
  WtmpLog			off

  # Logging for the anonymous transfers
  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
  ExtendedLog		/var/log/proftpd/auth.log AUTH auth

</Anonymous>
Added configurations for testing tcpd. 2005-11-09 21:36:09 +00:00			`# This is the ProFTPD configuration file`
			`# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $`

			`ServerName "ProFTPD server"`
			`ServerIdent on "FTP Server ready."`
			`ServerAdmin root@localhost`
			`#ServerType standalone`
			`ServerType inetd`
			`DefaultServer on`
			`AccessGrantMsg "User %u logged in."`
			`#DisplayConnect /etc/ftpissue`
			`#DisplayLogin /etc/ftpmotd`
			`#DisplayGoAway /etc/ftpgoaway`
			`DeferWelcome off`

			`# Use this to excude users from the chroot`
			`DefaultRoot ~ !adm`

			`# Use pam to authenticate (default) and be authoritative`
			`AuthPAMConfig proftpd`
			`AuthOrder mod_auth_pam.c* mod_auth_unix.c`

			`# Do not perform ident nor DNS lookups (hangs when the port is filtered)`
			`IdentLookups off`
			`UseReverseDNS off`

			`# Port 21 is the standard FTP port.`
			`Port 21`

			`# Umask 022 is a good standard umask to prevent new dirs and files`
			`# from being group and world writable.`
			`Umask 022`

			`# Default to show dot files in directory listings`
			`ListOptions "-a"`

			`# See Configuration.html for these (here are the default values)`
			`#MultilineRFC2228 off`
			`#RootLogin off`
			`#LoginPasswordPrompt on`
			`#MaxLoginAttempts 3`
			`#MaxClientsPerHost none`
			`#AllowForeignAddress off # For FXP`

			`# Allow to resume not only the downloads but the uploads too`
			`AllowRetrieveRestart on`
			`AllowStoreRestart on`

			`# To prevent DoS attacks, set the maximum number of child processes`
			`# to 30. If you need to allow more than 30 concurrent connections`
			`# at once, simply increase this value. Note that this ONLY works`
			`# in standalone mode, in inetd mode you should use an inetd server`
			`# that allows you to limit maximum number of processes per service`
			`# (such as xinetd)`
			`MaxInstances 20`

			`# Set the user and group that the server normally runs at.`
			`User nobody`
			`Group nobody`

			`# This is where we want to put the pid file`
			`ScoreboardFile /var/run/proftpd.score`

			`# Normally, we want users to do a few things.`
			`<Global>`
			`AllowOverwrite yes`
			`<Limit ALL SITE_CHMOD>`
			`AllowAll`
			`</Limit>`
			`</Global>`

			`# Define the log formats`
			`LogFormat default "%h %l %u %t \"%r\" %s %b"`
			`LogFormat auth "%v [%P] %h %t \"%r\" %s"`

			`# TLS`
			`# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html`
			`#TLSEngine on`
			`#TLSRequired on`
			`#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem`
			`#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem`
			`#TLSCipherSuite ALL:!ADH:!DES`
			`#TLSOptions NoCertRequest`
			`#TLSVerifyClient off`
			`##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300`
			`#TLSLog /var/log/proftpd/tls.log`

			`# A basic anonymous configuration, with an upload directory.`
			`<Anonymous ~ftp>`
			`User ftp`
			`Group ftp`
			`AccessGrantMsg "Anonymous login ok, restrictions apply."`

			`# We want clients to be able to login with "anonymous" as well as "ftp"`
			`UserAlias anonymous ftp`

			`# Limit the maximum number of anonymous logins`
			`MaxClients 10 "Sorry, max %m users -- try again later"`

			`# Put the user into /pub right after login`
			`DefaultChdir /pub`

			`# We want 'welcome.msg' displayed at login, '.message' displayed in`
			`# each newly chdired directory and tell users to read README* files.`
			`DisplayLogin /welcome.msg`
			`DisplayFirstChdir .message`
			`DisplayReadme README*`

			`# Some more cosmetic and not vital stuff`
			`DirFakeUser on ftp`
			`DirFakeGroup on ftp`

			`# Limit WRITE everywhere in the anonymous chroot`
			`<Limit WRITE SITE_CHMOD>`
			`DenyAll`
			`</Limit>`

			`# An upload directory that allows storing files but not retrieving`
			`# or creating directories.`
			`<Directory uploads/*>`
			`AllowOverwrite no`
			`<Limit READ>`
			`DenyAll`
			`</Limit>`

			`<Limit STOR>`
			`AllowAll`
			`</Limit>`
			`</Directory>`

			`# Don't write anonymous accesses to the system wtmp file (good idea!)`
			`WtmpLog off`

			`# Logging for the anonymous transfers`
			`ExtendedLog /var/log/proftpd/access.log WRITE,READ default`
			`ExtendedLog /var/log/proftpd/auth.log AUTH auth`

			`</Anonymous>`